
Hairpin / Loopback configuration

ian.walberg
Level 1

I have just changed from a Netgear FVS336 to a Cisco RVS 325 and have one last item I cannot get set up.

We use a number of HTTP services behind the router and access them using a port for each server, so port 8123 gets forwarded to port 80 on server IP x.x.x.123.

I have set up port 8123 in the Port Address Translation Table to get sent to x.x.x.123 port 80, and this works OK from outside the office using the DNS entry for the router's public IP.

However, when accessing this from inside the office, this does not work. Our previous Netgear router worked OK.

From some investigation today, this sounds like it's a NAT loopback/hairpin issue, if I understand the problem correctly.

How do I get this to work on the RVS325?

Thanks

6 Replies

Terence Payet
Level 1

Hi Ian,

Yes, this is a hairpinning issue. This is actually one of the most popular discussions.

But anyway, you can try the below config:

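! LAN-facing interface
int Fa0/0
 ip add 10.10.10.1 255.255.255.0
 desc LAN
 ip nat inside
! WAN-facing interface
int Fa0/1
 ip add 1.1.1.1 255.255.255.0
 desc WAN
 ip nat outside
! Loopback interface that the route-map's next hop resolves through
int lo0
 ip add 10.11.11.1 255.255.255.255
 ip nat inside
 ip virtual-reassembly in
! Match traffic sourced from the LAN subnet
! (an extended ACL entry needs a destination; "any" is assumed here)
ip access-list extended LAN_HAIRPIN
 permit ip 10.10.10.0 0.0.0.255 any
! Policy-route matching traffic towards the loopback
route-map LAN_HAIRPIN permit 10
 match address LAN_HAIRPIN
 set ip next-hop 10.11.11.2
int Fa0/1
 ip policy route-map LAN_HAIRPIN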

You could have tried using NVI, which is much simpler, but I don't think the RVS series supports that. But I might be wrong.

Hope this helps.

Regards,

Terence
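
Why the forward works from outside but fails from inside the LAN, as an added example that is not part of the original posts: a small Python model of a port forward with and without hairpin source NAT. It models the common destination-NAT plus source-NAT form of hairpinning, not the RVS 325 or the policy-routing config above; every address and the client port are constructed, and only ports 8123 and 80 come from the thread.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (assumptions for this example only)
PUBLIC_IP = "1.1.1.1"        # router WAN address the DNS name points at
ROUTER_LAN = "10.10.10.1"    # router LAN address
SERVER = "10.10.10.123"      # internal web server
CLIENT = "10.10.10.50"       # internal workstation
FORWARDS = {8123: (SERVER, 80)}  # port forward from the thread: 8123 -> server:80


def router_forward(pkt, hairpin):
    """Rewrite the destination per the port forward.
    With hairpin enabled, also rewrite the source to the router's LAN address."""
    dst, dport = FORWARDS[pkt.dport]
    src = ROUTER_LAN if hairpin else pkt.src
    return Packet(src, pkt.sport, dst, dport)


def server_reply(pkt):
    """The server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def router_reverse(original):
    """Undo both translations for a reply that came back through the router."""
    return Packet(PUBLIC_IP, original.dport, original.src, original.sport)


def client_accepts(request, reply):
    """A TCP client only accepts a reply whose 4-tuple mirrors its request."""
    return reply == Packet(request.dst, request.dport, request.src, request.sport)


def lan_access_works(hairpin):
    """Follow one request from the LAN client to the public IP and back."""
    request = Packet(CLIENT, 40000, PUBLIC_IP, 8123)
    reply = server_reply(router_forward(request, hairpin))
    if reply.dst == ROUTER_LAN:
        # Reply returns to the router, which restores the public address.
        reply = router_reverse(request)
    # Otherwise server and client share the LAN, so the reply goes straight
    # to the client with the server's private address as its source.
    return client_accepts(request, reply)


if __name__ == "__main__":
    print("without hairpin source NAT:", lan_access_works(False))
    print("with hairpin source NAT:   ", lan_access_works(True))
```

Without the source rewrite, the client receives a reply from 10.10.10.123:80 for a connection it opened to 1.1.1.1:8123 and discards it.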

Can you please explain this configuration:

set ip next-hop 10.11.11.2

?

Hi Tonymctony,

Route map states that any packets that match access-list LAN_HAIRPIN will have the next hop set to 10.11.11.2 and be routed "out" the loopback interface. All other packets will be routed normally. We use 10.11.11.2 because this next-hop is seen as located on the loopback interface which would result in policy routing to loopback0. Alternatively, we could have used "set interface loopback0" which would have done the same thing.

HTH

Regards,

Terence

Thank you for the explanation. However, I am confused by this then:

int lo0

ip add 10.11.11.1 255.255.255.255 - doesn't this mean that there is only one address in the loopback interface network segment? Therefore, the next hop address 10.11.11.2 is meaningless.

Hi,

The 10.11.11.2 is just an arbitrary value as you cannot have a next-hop pointing to the router itself.

Like I said previously, you could have used the set interface loopback0. Basically what will happen is that loopback0 will do a 'recursive lookup'.

Regards,

Terence

ian.walberg
Level 1

Oddly, we are now sometimes seeing the URLs resolve, and I am not sure what/if we have made any other changes.
